Difference between revisions of "Reactive Firewall"
m (fixed typo) |
(added in link to peerguardian's p2p ip list) |
||
| Line 4: | Line 4: | ||
The final stage of this project will be to add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional). | The final stage of this project will be to add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional). | ||
| + | |||
| + | The firewall also needs to take into account the various ip ranges already marked bad by groups similar to [http://peerguardian.sourceforge.net/lists/ peerguardian]. | ||
Revision as of 12:05, 24 January 2007
Initially, this would be a firewall that had a pre-programmed set of attacks to be detected and used against an attacker.
The next stage of the project would be to make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes note of the service and the general format of the attack and generates its own version to be used against attackers.
The final stage of this project will be to add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional).
The firewall also needs to take into account the various ip ranges already marked bad by groups similar to peerguardian.
